package authorization

import (
	"testing"

	defsecTypes "github.com/khulnasoft-lab/defsec/pkg/types"

	"github.com/khulnasoft-lab/defsec/pkg/providers/azure/authorization"

	"github.com/khulnasoft-lab/defsec/internal/adapters/terraform/tftestutil"

	"github.com/khulnasoft-lab/defsec/test/testutil"
	"github.com/stretchr/testify/assert"
	"github.com/stretchr/testify/require"
)

// roleDefinitionCase pairs a Terraform snippet with the RoleDefinition the
// adapter is expected to produce from it.
type roleDefinitionCase struct {
	name      string
	terraform string
	expected  authorization.RoleDefinition
}

// permissionWithActions builds an expected Permission carrying test metadata
// and exactly the given actions. Calling it with no arguments yields a nil
// Actions slice, i.e. a permissions block that grants nothing.
func permissionWithActions(actions ...defsecTypes.StringValue) authorization.Permission {
	return authorization.Permission{
		Metadata: defsecTypes.NewTestMetadata(),
		Actions:  actions,
	}
}

// Test_adaptRoleDefinition checks that adaptRoleDefinition surfaces the two
// attributes of a custom role that matter for privilege review: the granted
// actions (here the wildcard "*") and the scopes the role may be assigned at.
// A scope given as a data-source reference cannot be resolved statically, so
// the adapter is expected to keep an unresolvable placeholder rather than
// drop the scope.
func Test_adaptRoleDefinition(t *testing.T) {
	cases := []roleDefinitionCase{
		{
			name: "wildcard actions and data reference scope",
			terraform: `
resource "azurerm_role_definition" "example" {
  name = "my-custom-role"

  permissions {
    actions     = ["*"]
    not_actions = []
  }

  assignable_scopes = [
    data.azurerm_subscription.primary.id,
  ]
}
`,
			expected: authorization.RoleDefinition{
				Metadata: defsecTypes.NewTestMetadata(),
				Permissions: []authorization.Permission{
					permissionWithActions(
						defsecTypes.String("*", defsecTypes.NewTestMetadata()),
					),
				},
				AssignableScopes: []defsecTypes.StringValue{
					// data.* references are not resolvable from source alone.
					defsecTypes.StringUnresolvable(defsecTypes.NewTestMetadata()),
				},
			},
		},
		{
			name: "no actions and wildcard scope",
			terraform: `
resource "azurerm_role_definition" "example" {
  name = "my-custom-role"

  permissions {
    actions     = []
    not_actions = []
  }

  assignable_scopes = [
    "/"
  ]
}
`,
			expected: authorization.RoleDefinition{
				Metadata: defsecTypes.NewTestMetadata(),
				Permissions: []authorization.Permission{
					// Empty actions list: no Actions are expected on the adapted value.
					permissionWithActions(),
				},
				AssignableScopes: []defsecTypes.StringValue{
					// "/" is the root (tenant-wide) scope and must be preserved verbatim.
					defsecTypes.String("/", defsecTypes.NewTestMetadata()),
				},
			},
		},
	}

	for _, tc := range cases {
		t.Run(tc.name, func(t *testing.T) {
			modules := tftestutil.CreateModulesFromSource(t, tc.terraform, ".tf")
			// The snippet defines a single resource, so the first block is the role definition.
			got := adaptRoleDefinition(modules.GetBlocks()[0])
			testutil.AssertDefsecEqual(t, tc.expected, got)
		})
	}
}

// TestLines verifies that the adapted actions and assignable scopes keep the
// source line ranges of the attributes they came from, so that findings can
// point at the exact line of the grant.
func TestLines(t *testing.T) {
	// The raw string opens with a newline, so "resource" is line 2,
	// the actions attribute is line 6 and assignable_scopes is line 10.
	src := `
resource "azurerm_role_definition" "example" {
  name = "my-custom-role"

  permissions {
    actions     = ["*"]
    not_actions = []
  }

  assignable_scopes = ["/"]
}`

	modules := tftestutil.CreateModulesFromSource(t, src, ".tf")
	adapted := Adapt(modules)

	// Guard the index accesses below; a missing element would otherwise panic.
	require.Len(t, adapted.RoleDefinitions, 1)
	role := adapted.RoleDefinitions[0]
	require.Len(t, role.Permissions, 1)
	require.Len(t, role.AssignableScopes, 1)

	actionRange := role.Permissions[0].Actions[0].GetMetadata().Range()
	scopeRange := role.AssignableScopes[0].GetMetadata().Range()

	// Both attributes are single-line, so start and end lines coincide.
	assert.Equal(t, 6, actionRange.GetStartLine())
	assert.Equal(t, 6, actionRange.GetEndLine())

	assert.Equal(t, 10, scopeRange.GetStartLine())
	assert.Equal(t, 10, scopeRange.GetEndLine())
}